Domain typosquatting: best practices for brand protection

Domain typosquatting is in the news again with a recent report that .CM typosquatted sites have received 12 million visits this year alone! Are you familiar with the basic brand protection strategies that will keep both your customers and brand reputation safe from typosquatting-related threats? Forewarned is forearmed.

One mistyped URL can unleash a serious hack attack!

Typosquatting – aka URL hijacking or brandjacking – is as old as the Internet. It is a form of domain squatting, which occurs when someone registers a domain name, often with the sole purpose of denying its use by another registrant. The coveted domain is inevitably one considered valuable to another registrant. The domain squatter is then in a position to monetise the domain, selling it to the other party for – well – as much as they can get for it.

But typosquatting is also used for even more malicious purposes: to infect bad spellers with malware. That's right: one mislaid finger on your keyboard can lead to all kinds of trouble. Some cybersquatters will register domain names which are common misspellings of more well-known domains, or which resemble them but are varied just slightly – say, by the use of a hyphen, a repeated character, or a missing letter. Whatever the variation, it’s common enough that it will pick up some traffic.

Chances are, at one time or another, you've left out a letter in haste when typing a URL. Maybe you’ve misspelled .COM, typing instead .OM, the country code domain extension for the Middle Eastern country of Oman, which, as it turns out, is a pretty common mistake. In fact, .OM sites have proven among the most malicious of typosquatting sites. In 2016, .OM sites resembling popular .COMs – Netflix and Citibank to name just two – were discovered to be redirecting numerous users to pages which attempted to install malware.

And as you probably know, malware (or pop-up) threats can vary. They can do everything from unleashing ransomware to tracking and collecting personal data, bypassing security systems and firewalls to collect information on customers, including credit card numbers.

.CM typosquatting sites visited 12 million times in 2018

Brian Krebs, an independent security journalist, has been reporting on one of the latest typosquatting threats, this one stemming from websites that end with the .CM ccTLD (Cameroon). Users searching for a .COM, but omitting the “O”, are being redirected to .CM sites which overwhelm them with fake alerts. Clicking on one of these alerts – offers to purchase phoney security software or a chance to win “gift cards, coupons, and other amazing deals” by submitting a short survey – can unleash malware that locks up a user’s computer and exposes private information.

According to Krebs’s report, popular typosquatting .CM sites like espn.cm, itunes.cm, and pornhub.cm have this year alone attracted approximately 12 million visits from 8.5 million unique visitors. Notably, these sites are registered to a marketing firm called Media Breakaway, LLC, which is headed by “Spam King” Scott Richter, a convicted felon who has been sued by Microsoft, MySpace, and the New York Attorney General.

Krebs was able to obtain four-year-old access logs for the entire network of 1,000 .CM typosquatting domains (before the network’s hosting provider deleted them). The logs, when queried, indicate many hits came from IP addresses that resolved to .GOV or .MIL American government sites, with a large number of these visitors attempting to access porn sites.

Once again, users placed themselves at risk, making it easy for the typosquatting site to harvest personal, financial, and login information.

Brand protection strategies for domain registrants

Register your trademark

There's no law against registering available domain names; there are laws, however, against phishing and spreading malware. If you think a domain name has been registered with blatant intent to confuse users, luring them away from your site into a typosquatting trap, under the Uniform Domain-Name Dispute-Resolution Policy (UDRP), you can – as a trademark holder – launch a Uniform Rapid Suspension (URS) complaint with the World Intellectual Property Organisation and have the site taken down. Of course, in order to do that, you'll need to first register your brand with the Trademark Clearinghouse (TMCH), ICANN’s database of protected trademarks.

Register multiple variations of your domain name

Register multiple spellings of your domain, singular, plural, hyphenated: brand.com, brands.com, brnds.com. And don’t forget your acronym, which is just as prone to being misspelled as your full domain name is. Registering those misspellings could end up saving your customers and brand reputation in the long run.

Register more than one extension

Registering your domain with a variety of extensions – .COM, .NET, .ORG – limits opportunities for others to register a variation of your domain. While you're at it, don't forget to register your domain with various relevant country code domain extensions.
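To decide which spellings and extensions are worth registering or watching, it helps to sort the lookalikes you already see (in a registrar watch report or your own referrer logs) by the kind of slip behind them. The following is an added example, not part of the original article: the brand examplebrand.com, the sample list and the class names are constructed, and it assumes plain second-level names under a single-label extension.

```python
# Added example: label observed domains by the typo class that links them
# to a protected brand domain. All names below are constructed samples.

def _drop_positions(short, long):
    """Indices i where deleting long[i] yields short (empty list if none)."""
    if len(long) - len(short) != 1:
        return []
    return [i for i in range(len(long)) if long[:i] + long[i + 1:] == short]

def classify(candidate, brand):
    """Return the typo class linking candidate to brand, or None."""
    cand = candidate.lower().rstrip(".")
    ref = brand.lower().rstrip(".")
    if cand == ref:
        return None
    c_name, _, c_tld = cand.rpartition(".")
    b_name, _, b_tld = ref.rpartition(".")
    if c_name == b_name:
        # Same name, different extension: .com typed as .cm or .om
        if _drop_positions(c_tld, b_tld):
            return "tld-missing-letter"
        return "other-extension"
    if c_tld != b_tld:
        return None
    if c_name.replace("-", "") == b_name.replace("-", ""):
        return "hyphen"
    if _drop_positions(c_name, b_name):
        return "missing-letter"
    extra = _drop_positions(b_name, c_name)
    # An inserted character that duplicates its left neighbour is a repeat
    if any(i > 0 and c_name[i] == c_name[i - 1] for i in extra):
        return "repeated-character"
    return "extra-letter" if extra else None

def triage(observed, brand):
    """Map every lookalike in observed to its typo class."""
    labelled = ((d, classify(d, brand)) for d in observed)
    return {d: label for d, label in labelled if label}

SAMPLE = [  # constructed, e.g. taken from a domain watch report
    "examplebrand.cm", "examplebrand.om", "examplebrand.net",
    "example-brand.com", "exampleebrand.com", "examplbrand.com",
    "examplebrands.com", "unrelated.org", "examplebrand.com",
]

if __name__ == "__main__":
    for domain, label in triage(SAMPLE, "examplebrand.com").items():
        print(f"{domain:22} {label}")
```

Classes that keep turning up in your own data are the variations to register first; the rest can stay on a watch list.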

Be on the lookout for typosquatting traps

If possible, users should avoid directly navigating to sites. Rather than type a frequently visited site address into the browser every time you want to go there, which is just creating more opportunities for you to misspell the address, bookmark the site. This is an especially good move for any sites you use which store personal or financial information.

And you might even try typing those addresses a little more slowly next time. Everyone mistypes a web address at one time or another. We all make mistakes! But next time just be a little more aware of the dangers lurking behind that misspelling.

Don't forget: our team of experts is here to help with all your brand protection needs. Don't hesitate to get in touch if you'd like a chat or need advice on complicated legalities. We're more than happy to help.